​What Is SSL?

Since the majority of my readership are not IT professionals, I'll avoid technical specifics while answering this question.

SSL (Secure Socket Layer) is a way of securing the transmission of data on the worldwide web by encrypting it from end-to-end (from its source to its destination). This means that if the data is intercepted along its route, it will make no sense to the data thief because it would be “scrambled” (encrypted with a secret key).

An example of this would be when you log into any online account (Facebook, Twitter, Gmail, your bank, etc). When you type in your password and click “log in”, your password is “scrambled” (encrypted) before it gets sent to the service you're logging into. It doesn't get “unscrambled” (decrypted) until it arrives at the other end, and only the service at the other end can “unscramble” it. Bad luck for anyone who tries to steal it along the way.

So this all sounds pretty safe right?

Not necessarily.

Why not?

Because “safe” and “secure”, in this context at least, are not the same thing. This process is very secure but that doesn't mean it's safe.

​Secure Vs Safe

SSL is “secure” in the sense that the data being transmitted (your login details, for example) are transmitted securely. However, SSL makes no guarantees about what happens to your data once it arrives at its destination.

Anybody, absolutely anybody, with a website can add SSL encryption to it. Even fraudsters! In fact, they often do! By and large, no checks on one's reputation are made when applying for an SSL certificate and you can add one to your website with just a couple of mouse clicks...FOR FREE!

The situation is like taking secure transport to a war zone. You're guaranteed to get there in one piece, but you could still take a sniper round to the forehead within seconds of your arrival!

What does this all mean?

It means that the https protocol and padlock symbol in your browser are not guarantees of safety or trustworthiness. The only way to safely submit your personal information to a website is to be 100% convinced that the website is genuine, reputable, trustworthy, and hasn't been hacked.